File CVE-2025-47807.patch of Package gstreamer-plugins-base.39271

From 9e2238adc1cad1fba5aad23bc8c2a6c2a65794d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Thu, 8 May 2025 09:14:15 +0300
Subject: [PATCH] subparse: Check for valid UTF-8 before cleaning up lines and
 check for regex replace errors

Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4418
Fixes CVE-2025-47807

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132>
---
diff -urp gst-plugins-base-1.24.0.orig/gst/subparse/gstsubparse.c gst-plugins-base-1.24.0/gst/subparse/gstsubparse.c
--- gst-plugins-base-1.24.0.orig/gst/subparse/gstsubparse.c	2025-06-10 16:05:04.466270285 -0500
+++ gst-plugins-base-1.24.0/gst/subparse/gstsubparse.c	2025-06-11 11:56:52.324789056 -0500
@@ -664,6 +664,12 @@ subrip_unescape_formatting (gchar * txt,
   res = g_regex_replace (tag_regex, txt, strlen (txt), 0,
       replace_pattern, 0, NULL);
 
+  /* Replacing can fail. Return an empty string in that case. */
+  if (!res) {
+    strcpy (txt, "");
+    return;
+  }
+
   /* res will always be shorter than the input or identical, so this
    * copy is OK */
   strcpy (txt, res);
@@ -1035,6 +1041,10 @@ parse_subrip (ParserState * state, const
         g_string_append_c (state->buf, '\n');
       g_string_append (state->buf, line);
       if (strlen (line) == 0) {
+        if (!g_utf8_validate (state->buf->str, state->buf->len, NULL)) {
+          g_string_truncate (state->buf, 0);
+          return NULL;
+        }
         ret = g_markup_escape_text (state->buf->str, state->buf->len);
         g_string_truncate (state->buf, 0);
         state->state = 0;